Exploits stories

"Organisations should identify and implement the right cybersecurity playbooks, processes, and tools to proactively protect businesses, customers, and people."

"The discovery of this vulnerability in Stremio underscores the importance of continuous vigilance in the realm of cybersecurity."

Claroty’s research arm, Team82, has disclosed five vulnerabilities in NETGEAR’s RAX30 routers they discovered at the Pwn2Own Toronto hacking competition.

Rapid7 Vulnerability Intelligence Report finds attackers developing and deploying exploits faster, with an 87% increase in first-week exploitation since 2020.

Secureworks has found that the Iranian threat group, Cobalt Sapling, has reemerged with a new persona, Abraham's Ax.

Claroty's research team, Team82, has examined the GE Proficy Historian, finding five exploitable vulnerabilities capable of causing damage to the system.

“When it comes to cybersecurity, not all vulnerabilities are created equal, and many of the ones that garner media attention actually turn out to be insignificant."

Lookout has discovered almost 300 loan apps that exhibit predatory behaviour, such as exfiltrating excessive user data from mobile devices and harassing borrowers for repayment.

Attackers are advancing to keep pace with cloud adoption and response time, according to a new report from Lacework.

The exploitation in remote services has become the primary initial access vector in ransomware attacks over the past year.

In terms of the share of vulnerabilities with publicly available exploits, three countries out of top five are located in Southeast Asia.

"While it’s not a surprise given increased attack opportunities like remote work, it’s still a worrying development and one we cannot ignore."

One constant that remains as organisations approach a sense of normalcy after a disruptive year is that cyber criminals continue to target and exploit people.

“Threat actors are quickly adjusting their tactics and these exploits tend to get industry attention, but the threat posed by older and attacks still persists."

Attackers exploit weak WiFi, remote endpoints, and the cloud, costing 50% of organisations over $1.3 million in breach damages.

"As zero-day attacks and other vulnerabilities among companies like Google and Microsoft come to light, threat actors are quickly adjusting their tactics."

WordPress vulnerabilities more than doubled in 2021, and 77% of them are exploitable.

The widely-used java logging library, log4j, has been actively exploited, according to an update from CERT NZ and Catalyst.

"Our automated security assessment proved that all companies have network services available for connection on their network perimeter, allowing hackers to exploit software vulnerabilities and bruteforce credentials to these services."

Radiflow, the company that provides cybersecurity solutions for industrial automation networks, has launched a business driven industrial risk analytics service known as iRISK.

Microsoft has announced the Speculative Execution Side Channel Bounty Program that is offering up to USD$250,000 to people who reveal novel bugs.

The Australian Cyber Security Centre (ACSC) has issued an official alert to those who use Cisco’s Adaptive Security Appliance (ASA).

An exploit that targeted an Adobe Flash vulnerability looks to be the work of a North Korean group called TEMP.Reaper.

“Ransomware is not a lightning strike – it can happen again and again to the same organisation."